After having a quite depressing discussion about how Tor will evolve in Germany considering the data retention laws, I met a guy on IRC who told me about his new really cool project.

Camilo Viecco, who is currently doing his PhD in CS at Indiana University, developed a naive UDP implementation of the anonymisation principle known as onion routing from scratch. It’s far from perfect and it wouldn’t meld with the Tor code easily, but it’s a first approach to improving latency for anonymity services.

Tdor is anonymisation software that you install on your local PC. It enables you to use the internet anonymously by configuring tdor as a proxy in your web browser. When you use this software, no one can find out your IP address, which effectively obfuscates your identity.

What’s different about this project compared to regular anonymisation systems is that tdor uses UDP instead of TCP, dramatically improving on the well-known latency you suffer from when you’re using regular TCP-based anonymity systems.

The project hasn’t even released its first alpha version, but the version I tested was usable and quite fast. I couldn’t tell the difference between a regular internet connection and internet over tdor.

But where there’s light, there are shadows: the whole tdor network only uses six nodes at the moment. It’s not meant for real production use, it’s only for testing – though it works well!

At the moment the whole project consists of just a handful of people, but I bet Camilo appreciates any help he can get.

So. If you wanna participate in a really cool fancy brand-new cutting-edge anonymisation technology, grab the sources, compile it, run it and report bugs and issues!

The German Privacy Foundation has finally been officially established. The GPF thinks everyone has the right to privacy and anonymous communication. Anonymity is one of the fundamentals of privacy and supports human and civil rights.

Its goals are to inform and educate about safe communication on the internet, and to support and organise tutorials for citizens on those topics.

The GPF is supporting and endorsing the development and deployment of anonymous infrastructure.

The Privacy Legal Fund (Germany) is a yet-to-be-founded organisation which will help voluntary operators of anonymisation-services like JAP, Tor, Mixmaster, Entropy, Freenet et al. with their problems with the Feds.

Much like the GPF, it wants to promote the usage of privacy-enhancing internet tools, but puts its emphasis on direct action instead of education. In that sense, the GPF and the PLF will be complementary.

The PLF doesn’t have fixed rules yet, they’re still to be defined. The PLF will be a non-profit organisation.

Contact: Contact me using the contact-form in this blog. You may encrypt the message using the PGP-key 0x90DEE171.

An animal rights activist has been ordered to hand over her encryption keys to the authorities.

Section Three of the Regulation of Investigatory Powers Act (RIPA) came into force at the start in October 2007, seven years after the original legislation passed through parliament. Intended primarily to deal with terror suspects, it allows police to demand encryption keys or provide a clear text transcript of encrypted text.[…] she has been given 12 days to hand over a pass-phrase to unlock encrypted data held on the drive – or face the consequences. [Failure to comply can result in up to two years imprisonment for cases not involving national security, or five years for terrorism offences and the like.]

So what do we have here?

A dodgy law which is meant for serious crimes and terrorists.
A woman engaged in animal rights.

I almost spilled my coffee over my keyboard while reading the interview. I knew that he’s absolutely for Law and Order, but I couldn’t imagine that he’s that ignorant about what citizens think about his plans to introduce a governmental trojan horse, which should infiltrate terrorists’ computers. It’s about security, isn’t it? (And the children. And world peace. Are you against the children or what? Either you’re with us or the terrorists.)

Some examples:

TAZ: Mr. Schäuble, are you Germany’s highest ranked hacker?
Schäuble: No, I don’t get into any computer, and frankly I don’t really know how the police are doing that. I barely know what a trojan horse is.

TAZ: Are you afraid of those so-called trojans, meaning e-spionage software?
Schäuble: No, in general I never open attachments in email where I’m not sure about their origin. And also I’m a decent guy, the BKA [German Federal Police] doesn’t need to send trojans to me.

TAZ: 10,000 citizens are planning to file a constitutional complaint against the mandatory data retention. Don’t you get contemplative about that?
Schäuble: That doesn’t bother me any more.

Once again I’m totally convinced that the politicians don’t give a damn about the citizens’ opinion. They try to justify every surveillance measure with the terrorism/child-porn/internet pirate argument.

To quote a fellow blogger: “As a Web Worker, you have undoubtedly used, tried, or at least heard of Skype, that wonderful peer-to-peer IM/voice tool that end users love, but security administrators detest.”

Wee. I had my own experience with Skype (see the first posting, Bloglines still isn’t able to recover all the postings correctly); they just kill your account-balance if you don’t use your account for a while. They claim that the administrative hassle is too much, so I can’t be with them anymore. Whatever, probably I wasn’t made for loving them.

Also there was quite a discussion about what kind of encryption Skype uses; their motto is security through obscurity. They’re using a proprietary encryption which was never disclosed and is therefore of doubtful security.

Now I just read this posting at /.: the Skype software is now accused of reading the BIOS.

For what? There is no apparent reason why Skype should be reading the BIOS. Except maybe reading some serial number.

Skype. What’s your bloody problem. Eh? Tell us. This is crazy. Not only do you take the piss with your customers accounting-wise, now you’re collecting data about your customers which you aren’t supposed to collect. And, I make this statement clear: This action is absolutely illegal in Germany. The German privacy laws clearly say that you’re only allowed to collect data about users if they AGREE and that you’re only allowed to collect data necessary for billing. Nothing bloody else.

What the hell is wrong with those people? Isn’t there an organization in the EU which could sue their ass off? Well, there’s the newly founded EFF Europe, but I doubt that they’re already fully operational.